Security Quality Requirements Engineering Technical Report

November 2005 • Technical Report

Nancy R. Mead, Eric Hough, Ted Stehney II

In this 2005 report, the authors present the SQUARE Methodology for eliciting and prioritizing security requirements in software development projects.

Publisher:

Software Engineering Institute

CMU/SEI Report Number

CMU/SEI-2005-TR-009

Subjects

Abstract

Requirements engineering, a vital component in successful project development, often does not include sufficient attention to security concerns. Studies show that up-front attention to security can save the economy billions of dollars, yet security concerns are often treated as an afterthought to functional requirements. Industry can thus benefit from a model to examine security requirements in the development stages of the production life cycle.

This report presents the Security Quality Requirements (SQUARE) Methodology for eliciting and prioritizing security requirements in software development projects, which was developed by the Software Engineering Institute's Networked Systems Survivability (NSS) Program. The methodology's steps are explained, and results from its application in recent case studies are examined. The NSS Program continues to develop SQUARE, which has proven effective in helping organizations understand their security posture and produce products with verifiable security requirements.

Download PDF

Part of a Collection

Cite This Report

SEI

Mead, Nancy; Hough, Eric; & Stehney II, Ted. Security Quality Requirements Engineering Technical Report. CMU/SEI-2005-TR-009. Software Engineering Institute, Carnegie Mellon University. 2005. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=7657

IEEE

Mead. Nancy, Hough. Eric, and Stehney II. Ted, "Security Quality Requirements Engineering Technical Report," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Report CMU/SEI-2005-TR-009, 2005. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=7657

APA

Mead, Nancy., Hough, Eric., & Stehney II, Ted. (2005). Security Quality Requirements Engineering Technical Report (CMU/SEI-2005-TR-009). Retrieved May 30, 2023, from the Software Engineering Institute, Carnegie Mellon University website: http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=7657

CHI

Nancy Mead, Eric Hough, & Ted Stehney II. Security Quality Requirements Engineering Technical Report (CMU/SEI-2005-TR-009). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2005. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=7657

MLA

Mead, Nancy., Hough, Eric., & Stehney II, Ted. 2005. Security Quality Requirements Engineering Technical Report (Technical Report CMU/SEI-2005-TR-009). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=7657

BibTex

@techreport{MeadSecurityQuality2005,
title={Security Quality Requirements Engineering Technical Report},
author={Nancy Mead and Eric Hough and Ted Stehney II},
year={2005},
number={CMU/SEI-2005-TR-009},
institution={Software Engineering Institute, Carnegie Mellon University},
address={Pittsburgh, PA},
url={http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=7657} }

Ask a question about this Technical Report

Software Engineering Institute